At 10:35 AM 7/1/2006, Geoff Bryant wrote:
>info-multinet@process.com wrote:
> >
> >Hi Hunter,
> >
> >>I think the only way to do that would be to set up packet filtering to
> >>block those. Rules like the following would allow only the specified
> >>hosts (or subnets) to connect:

> >...
> >>!
> >>! Allow certain address to connect via SSH
> >>!
> >>permit tcp 4.3.2.1 255.255.255.255 0 0 eq 22
> >>permit tcp 1.2.3.4 255.255.255.0 0 0 eq 22
> >>!
> >>! Deny all others
> >>!
> >>deny tcp 0 0 0 0 eq 22

> >
> >I was thinking that packet filters might be the (only) way to do it.
> >However I was also under the impression that changing them required a system
> >reboot. If this isn't the case then I think I'll give them a go!
> >
> >How efficient is MultiNet when it comes to reloading the packet filter

> file?
> >I'm thinking that if the server is up for a few hundred days -- as is often
> >the case with VMS -- and I reload the packet filters a few times a day, will
> >performance be adversely affected? (E.g. memory pool fragmentation?)
> >
> >Thanks!
> >
> > Jeremy Begg

>
>MultiNet 5.1 has some code to allow for dynamic changes to the filters from an
>application. This is laying the foundation for some future work. I don't
>recall if that is documented.


Yes, it is.


------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+